From owner-svn-src-all@freebsd.org Sat Jan 27 08:56:51 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1D800E7838F; Sat, 27 Jan 2018 08:56:51 +0000 (UTC) (envelope-from dexuan.bsd@gmail.com) Received: from mail-lf0-x243.google.com (mail-lf0-x243.google.com [IPv6:2a00:1450:4010:c07::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 67C997D6F6; Sat, 27 Jan 2018 08:56:50 +0000 (UTC) (envelope-from dexuan.bsd@gmail.com) Received: by mail-lf0-x243.google.com with SMTP id q194so3478789lfe.13; Sat, 27 Jan 2018 00:56:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=zuOKqYpQcJL96POoQudADaOQp/x9tezPqtDsSk/AF88=; b=kxNyiBAYwTySRmZIfpOTt2OPAKaWVzhICF7BxhjQa7mlWiLRe5nGf6SOSufhzwHy8Y r472bvlVEZJiQdJ2yI9sPerE4UwtwG3Kkf9lUcCpADZibe9BWGv04pA8aB/QiQxG+AML nlP5aq7nN7Vum8U+/3I4biLvVqVe/s78d8XCsDyOQ8rZCQwz6EJfsGAK2U3LuU3jxpVn dMSB7FxA6I/M2jWnFsXuxI9rclG6b4Fp+Fwm+gSc1JwEy1DeqXa5nx05io4B2oZkHzGz dxpIqHsi4twxjIUIIrhhHa7sctBnv/+RgDaqNlP87OeS9glZC08RUJfv+/9lAFBOue/R s0QA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=zuOKqYpQcJL96POoQudADaOQp/x9tezPqtDsSk/AF88=; b=rvu6L2ShPzCybq5KGPhrUBKOA2c+iM46WhW+3R/zO865q/Kv4EYR8Nz11ePj+Tl/SM XnKoT4kQ7VSHxrlXzyzIUs7N0D8AyLVxOE2z6b5JpnXrlbR+yIo2ivN0yZUAJS2cZxrl bEPK3kEpomK1T6PRedWWN2muqa8mbGkESMFyk9ZRL536cn4raHHX5vAtnDQoVjxH9PBl 8Kw+Svbp7RvaObonJ3/N+D/vk2+lYF+4IsiEIjU6FaXhngOBSmg4k+hD1Xa2Ubchv/XO 1cEjvw8M6RAXj/ujkaX/vCMCuM6mVKLtQoM8CML/+4h595vvLuWDpDg0dfEolS0UyzHY raKg== X-Gm-Message-State: AKwxytfyUWeuTRLF/f5qMnn+9BVMj2RCwSB/2NmgqKClV456mDuWJnOK lSHvgSOeZtc4p/4grY3fWXaFckOjKWDO9bcFO6SGHmAf X-Google-Smtp-Source: AH8x224rVqXpTQrPksGb30vokvownXnfSGCVNpSnssf6uV7Rx9DemXL4ijKTIZ5o/Slwz1nE19kbOxC46DQBdu/kwBc= X-Received: by 10.46.65.154 with SMTP id d26mr3934341ljf.109.1517043408230; Sat, 27 Jan 2018 00:56:48 -0800 (PST) MIME-Version: 1.0 Received: by 10.25.228.148 with HTTP; Sat, 27 Jan 2018 00:56:47 -0800 (PST) In-Reply-To: <201801191542.w0JFgY1Q070919@repo.freebsd.org> References: <201801191542.w0JFgY1Q070919@repo.freebsd.org> From: Dexuan-BSD Cui Date: Sat, 27 Jan 2018 00:56:47 -0800 Message-ID: Subject: Re: svn commit: r328166 - in head/sys: amd64/amd64 x86/include x86/x86 To: Ed Maste , markj@freebsd.org, kib@freebsd.org, cem@freebsd.org, mhorne063@gmail.com, gordon@freebsd.org, pho@freebsd.org, jeff@freebsd.org, jhb@freebsd.org, nullius@nym.zone, decui@microsoft.com, sephe@freebsd.org Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-Mailman-Approved-At: Sat, 27 Jan 2018 11:46:02 +0000 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jan 2018 08:56:51 -0000 Hi, Today I found the KPTI patch broke FreeBSD VM running on Hyper-V: the VM can't boot due to: vmbus0: cannot find free IDT vector This is the related snippet: dev/hyperv/vmbus/vmbus.c: vmbus_intr_setup() -> lapic_ipi_alloc() fails: /* * All Hyper-V ISR required resources are setup, now let's find a * free IDT vector for Hyper-V ISR and set it up. */ sc->vmbus_idtvec = lapic_ipi_alloc(pti ? IDTVEC(vmbus_isr_pti) : IDTVEC(vmbus_isr)); if (sc->vmbus_idtvec < 0) { device_printf(sc->vmbus_dev, "cannot find free IDT vector\n"); return ENXIO; } Luckily for now I can work around this boot failure by adding vm.pmap.pti=0 into /boot/loader.conf. Any suggestion? Thanks! -- Dexuan On Fri, Jan 19, 2018 at 7:42 AM, Ed Maste wrote: > Author: emaste > Date: Fri Jan 19 15:42:34 2018 > New Revision: 328166 > URL: https://svnweb.freebsd.org/changeset/base/328166 > > Log: > Enable KPTI by default on amd64 for non-AMD CPUs > > Kernel Page Table Isolation (KPTI) was introduced in r328083 as a > mitigation for the 'Meltdown' vulnerability. AMD CPUs are not affected, > per https://www.amd.com/en/corporate/speculative-execution: > > We believe AMD processors are not susceptible due to our use of > privilege level protections within paging architecture and no > mitigation is required. > > Thus default KPTI to off for AMD CPUs, and to on for others. This may > be refined later as we obtain more specific information on the sets of > CPUs that are and are not affected. > > Submitted by: Mitchell Horne > Reviewed by: cem > Relnotes: Yes > Security: CVE-2017-5754 > Sponsored by: The FreeBSD Foundation > Differential Revision: https://reviews.freebsd.org/D13971 > > Modified: > head/sys/amd64/amd64/machdep.c > head/sys/x86/include/x86_var.h > head/sys/x86/x86/identcpu.c > > Modified: head/sys/amd64/amd64/machdep.c > ============================================================ > ================== > --- head/sys/amd64/amd64/machdep.c Fri Jan 19 15:32:27 2018 > (r328165) > +++ head/sys/amd64/amd64/machdep.c Fri Jan 19 15:42:34 2018 > (r328166) > @@ -1621,6 +1621,7 @@ hammer_time(u_int64_t modulep, u_int64_t physfree) > mtx_init(&dt_lock, "descriptor tables", NULL, MTX_DEF); > > /* exceptions */ > + pti = pti_get_default(); > TUNABLE_INT_FETCH("vm.pmap.pti", &pti); > > for (x = 0; x < NIDT; x++) > > Modified: head/sys/x86/include/x86_var.h > ============================================================ > ================== > --- head/sys/x86/include/x86_var.h Fri Jan 19 15:32:27 2018 > (r328165) > +++ head/sys/x86/include/x86_var.h Fri Jan 19 15:42:34 2018 > (r328166) > @@ -136,6 +136,7 @@ void nmi_call_kdb_smp(u_int type, struct > trapframe *fr > void nmi_handle_intr(u_int type, struct trapframe *frame); > void pagecopy(void *from, void *to); > void printcpuinfo(void); > +int pti_get_default(void); > int user_dbreg_trap(void); > int minidumpsys(struct dumperinfo *); > struct pcb *get_pcb_td(struct thread *td); > > Modified: head/sys/x86/x86/identcpu.c > ============================================================ > ================== > --- head/sys/x86/x86/identcpu.c Fri Jan 19 15:32:27 2018 (r328165) > +++ head/sys/x86/x86/identcpu.c Fri Jan 19 15:42:34 2018 (r328166) > @@ -1608,6 +1608,16 @@ finishidentcpu(void) > #endif > } > > +int > +pti_get_default(void) > +{ > + > + if (strcmp(cpu_vendor, AMD_VENDOR_ID) == 0) > + return (0); > + > + return (1); > +} > + > static u_int > find_cpu_vendor_id(void) > { > >